whmcs hacked
- Thread starter cdog
- Start date
CC details fully decryptable too, since they store the key in the config file 
We just bought WHMCS last month and started Plesk on it, and from the start we deployed ours differently, it is amazing that they ran everything on a single server, license verify, tickets, billing, website etc just amazing.
Note however that it was not via WHMCS itself, but by incredibly insecure practices by their host and owner that lead to this.
We had tried a couple other automation systems before launching plesk, and another coming product, but they just did not work well, WHMCS is not perfect either, but it did better in most regards than others.
I hope that this incident, the 2nd in 6 months, will change their first focus to security, of their setup and hosting infrastructure, and of their product.
We just bought WHMCS last month and started Plesk on it, and from the start we deployed ours differently, it is amazing that they ran everything on a single server, license verify, tickets, billing, website etc just amazing.
Note however that it was not via WHMCS itself, but by incredibly insecure practices by their host and owner that lead to this.
We had tried a couple other automation systems before launching plesk, and another coming product, but they just did not work well, WHMCS is not perfect either, but it did better in most regards than others.
I hope that this incident, the 2nd in 6 months, will change their first focus to security, of their setup and hosting infrastructure, and of their product.
cdog
Perch
A horrible situation that you wouldn't wish on nayone..
I've already had some failed whmcs admin area login attempts from japan and south america which is why i thought I would post it here.
We had another registrar/host here in Australia hacked in the same way, victim of social networking attack. That company went broke within 10 days of the attack, offsite backups deleted, every server hard disk wiped, database and database backups deleted.
Probably an interesting case for resellers, I couldn't count the amount of calls I get from contractors and web designers asking for ftp/control panel details to my customers sites with the reasoning being that the account holder gave them my number.
I've already had some failed whmcs admin area login attempts from japan and south america which is why i thought I would post it here.
We had another registrar/host here in Australia hacked in the same way, victim of social networking attack. That company went broke within 10 days of the attack, offsite backups deleted, every server hard disk wiped, database and database backups deleted.
Probably an interesting case for resellers, I couldn't count the amount of calls I get from contractors and web designers asking for ftp/control panel details to my customers sites with the reasoning being that the account holder gave them my number.
We are working on policies for that as well, in fact with the VPS side it gets super confusing, having someones server signed up by someone else, but the owner paying, but mostly not active in talking to us. We have been very careful of late to ensure verified owner in tickets, even if some customers don't like it initially they need to realize they can't just email or chat us from anywhere and request all these things, but we have to follow a process.
And forums and blog of WHMCS hacked now, I really have no words for this entire situation.
And forums and blog of WHMCS hacked now, I really have no words for this entire situation.
Joshthegod, meet Mr FBI.
http://www.fbi.gov/newyork/press-re...as-part-of-international-cyber-crime-takedown
http://www.fbi.gov/newyork/press-re...as-part-of-international-cyber-crime-takedown